[cdi-dev] Thoughts on Phases and Events for the Security spec

Mon Dec 22 14:11:32 EST 2014

Hi,

On Monday, December 22, 2014, Antonio Goncalves <antonio.goncalves at gmail.com
<javascript:_e(%7B%7D,'cvml','antonio.goncalves at gmail.com');>> wrote:

> Hi all,
>
> The CDI spec defines the "Transactional observer methods" (§10.4.5) with a
> TransactionPhase :
>
> public enum TransactionPhase {
>   IN_PROGRESS,
>   BEFORE_COMPLETION,
>   AFTER_COMPLETION,
>   AFTER_FAILURE,
>   AFTER_SUCCESS
> }
>
> void onDocumentUpdate(@Observes(*during=AFTER_SUCCESS*) @Updated Document
> doc) { ... }
>
>
> Now that there is a new Security specification coming along, it would be
> helpful to be able to *observe before/after the user logs-in or logs-out*,
> for example. First I thought "well, the Security spec defines a set of
> events, fires them, and we just have to observe them". But what about the
> "during" phase ? What would make more sense in such use case ? Using the
> same "during" mechanism or events ?
>

I think separate events may be better.

Maybe I'm mistaken but the way I think the transactional events are used is
that during a transactional method an event is fired. The event is then not
delivered right away to all observers, but for those using
during=after_success only when the TX commits. This is kinda like what JMS
does; a message is only send when the TX commits, or send right away. CDI
offers 3 other cases, but I feel that those first two are the main ones.

For authentication events I don't think we can really speak of a
"logging-in" method. Even if we would appoint one (e.g. validateRequest()
in a SAM) then I'm not sure whether any random event published during that
method would have any need to be queued until just before or after
authentication actually happens.

Instead, we would merely be interested in the actual events; the moment the
container is about to authenticate (so we can potentially veto) and the
moment right after that (so we can take an action such as loading data
related to the user into the current session).

Just my 2 cents. Hope I understood the case correctly.

Kind regards,
Arjan

>
> public enum LoginPhase {
>   BEFORE_LOGIN,
>   AFTER_LOGIN,
>   BEFORE_LOGOUT,
>   AFTER_LOGOUT,
> }
>
> void onLogout(@Observes(*during=BEFORE_LOGOUT*) User user) { ... }
>
>
> Any thoughts ?
>
> --
> Antonio Goncalves
> Software architect, Java Champion and Pluralsight author
>
> Web site <http://www.antoniogoncalves.org> | Twitter
> <http://twitter.com/agoncal> | LinkedIn
> <http://www.linkedin.com/in/agoncal> | Pluralsight
> <http://pluralsight.com/training/Authors/Details/antonio-goncalves> | Paris
> JUG <http://www.parisjug.org> | Devoxx France <http://www.devoxx.fr>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/cdi-dev/attachments/20141222/0e2f7b60/attachment-0001.html 